-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide support/documentation for running step isser as a namespace local issuer and not cluster issuer #37
Comments
I can think of a couple of things to limit the exposure:
I haven't tested any of those options. |
Unfortunately i deployed this as a namespace local issuer but the deployment container just complains about not being able to list resources at the cluster scope, specifically the manage container in the step issuer deployment |
I suppose it would be simple to add a flag that does not start the |
my need for this is no longer existent but I still see this as a valid use case, especially if this were used in an on prem enterprise context. Not sure if you're waiting on me for anything but I think that would work. |
I'll probably add the feature, but I haven't started to work on it yet. |
Running as a cluster issuer is not desirable and not allow us to isolate permissions on a namespace basis. There is a big security concern giving one issuer access to all of out namespaces for certificate requests, config maps, leases etc.
As an additional nicety, would like to see an option to not use helm for deploying resources. It's very black box unless we go inspect your repo.
The text was updated successfully, but these errors were encountered: